mm/page_alloc.c: add additional checking and return value for the 'table->data'
authorChen Gang <gang.chen@asianux.com>
Wed, 3 Jul 2013 22:02:35 +0000 (15:02 -0700)
committerLinus Torvalds <torvalds@linux-foundation.org>
Wed, 3 Jul 2013 23:07:31 +0000 (16:07 -0700)
- check the length of the procfs data before copying it into a fixed
  size array.

- when __parse_numa_zonelist_order() fails, save the error code for
  return.

- 'char*' --> 'char *' coding style fix

Signed-off-by: Chen Gang <gang.chen@asianux.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
mm/page_alloc.c

index fab9506273beeab76619878f8ce7dd76d22dbe8e..a662c74a0f5df30f7a3d116fd98e54c2cb77688a 100644 (file)
@@ -3256,18 +3256,25 @@ int numa_zonelist_order_handler(ctl_table *table, int write,
        static DEFINE_MUTEX(zl_order_mutex);
 
        mutex_lock(&zl_order_mutex);
-       if (write)
-               strcpy(saved_string, (char*)table->data);
+       if (write) {
+               if (strlen((char *)table->data) >= NUMA_ZONELIST_ORDER_LEN) {
+                       ret = -EINVAL;
+                       goto out;
+               }
+               strcpy(saved_string, (char *)table->data);
+       }
        ret = proc_dostring(table, write, buffer, length, ppos);
        if (ret)
                goto out;
        if (write) {
                int oldval = user_zonelist_order;
-               if (__parse_numa_zonelist_order((char*)table->data)) {
+
+               ret = __parse_numa_zonelist_order((char *)table->data);
+               if (ret) {
                        /*
                         * bogus value.  restore saved string
                         */
-                       strncpy((char*)table->data, saved_string,
+                       strncpy((char *)table->data, saved_string,
                                NUMA_ZONELIST_ORDER_LEN);
                        user_zonelist_order = oldval;
                } else if (oldval != user_zonelist_order) {